I usually drop all forwards as the last rule and allow only known tracked traffic. Now, I have a strange problem creating a rule to allow ping from one server to another.
I should be able to do this using this rule:
add action=accept chain=forward comment=Ping protocol=icmp src-address=192.168.9.220
But, additionally I need to add the following rule to make it work:
add action=accept chain=forward comment=Established connection-state=established dst-address=192.168.9.220
Thanks
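
An added illustration, not part of the original post and not RouterOS code: a small Python model of first-match evaluation of the forward chain, showing which of the two rules above each direction of a ping hits. The peer address 192.168.8.10 and the packet dictionaries are constructed for the example; connection tracking is assumed to mark the echo request as new and the echo reply as established.

```python
from ipaddress import ip_address

# The two rules from the post plus the final "drop all forwards" rule it describes.
PING_RULE = {"action": "accept", "protocol": "icmp", "src": "192.168.9.220"}
ESTABLISHED_RULE = {"action": "accept", "state": "established", "dst": "192.168.9.220"}
DROP_ALL = {"action": "drop"}

PEER = "192.168.8.10"  # constructed address for the server being pinged

# Constructed packets: both directions of one ping, plus an unsolicited inbound ping.
ECHO_REQUEST = {"protocol": "icmp", "src": "192.168.9.220", "dst": PEER, "state": "new"}
ECHO_REPLY = {"protocol": "icmp", "src": PEER, "dst": "192.168.9.220", "state": "established"}
UNSOLICITED = {"protocol": "icmp", "src": PEER, "dst": "192.168.9.220", "state": "new"}


def matches(rule, pkt):
    """A rule matches only if every matcher it sets agrees with the packet."""
    for key in ("protocol", "state"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule and ip_address(rule[key]) != ip_address(pkt[key]):
            return False
    return True


def verdict(chain, pkt):
    """The first matching rule decides the packet's fate."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"  # nothing matched; not reached here because DROP_ALL is last


def ping_works(chain):
    """A ping succeeds only if the request and the reply are both forwarded."""
    return all(verdict(chain, p) == "accept" for p in (ECHO_REQUEST, ECHO_REPLY))


if __name__ == "__main__":
    chains = {
        "ping rule only": [PING_RULE, DROP_ALL],
        "ping + established": [PING_RULE, ESTABLISHED_RULE, DROP_ALL],
    }
    for name, chain in chains.items():
        print(name, "-> request:", verdict(chain, ECHO_REQUEST),
              "reply:", verdict(chain, ECHO_REPLY),
              "unsolicited:", verdict(chain, UNSOLICITED))
```

The reply has 192.168.9.220 as its destination, so the src-address matcher of the first rule never sees it; only the established rule lets it through, while a new inbound ping from the peer is still dropped.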